14Managing the Schengen external borders

Not cleared from scrutiny; further information requested; drawn to the attention of the Home Affairs Committee and the Committee on Exiting the European Union

Document details

(a) Proposal for a Regulation establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes

(b) Proposal for a Regulation amending the Schengen Borders Code as regards the use of the Entry/Exit System

Summary and Committee’s conclusions

14.1The external borders of the Schengen free movement area have faced unprecedented pressures in recent years, with a significant increase in cross-border travel for business and tourism and in irregular migration flows across the Aegean and Mediterranean Seas. These pressures at the borders have been compounded by threats to the EU’s internal security following a spate of terrorist attacks. The Commission considers that the introduction of a largely automated EU Entry/Exit System to record the date, time and place at which third country (non-EU) nationals enter and leave the Schengen area would improve the management of migration flows at the external borders and enhance security within the EU. The Commission has proposed two Regulations. The first—document (a)—would establish the Entry/Exit System. It would be developed and overseen by the EU Agency responsible for the operational management of large-scale justice and home affairs information systems (eu-LISA) and consist of a Central System connected by a national interface to each Member State’s border infrastructure. It would also be fully interoperable with the EU’s Visa Information System. The second—document (b)—would make the necessary changes to the Schengen Borders Code.196

14.2The new Entry/Exit System would apply to all third country nationals (whether traveling with visas or visa-exempt) seeking to enter the Schengen area for a short stay (a maximum of 90 days over a 180-day period). The current system of manually stamping passports on entry and exit would be replaced by a biometric information system. Each traveller would have an individual file containing personal information (name, date of birth, nationality and gender), details of their travel documents, a facial image and fingerprints. The data would be verified by passing through a system of “e-gates” and checked against various migration and security databases. Any concerns would be flagged to border control officers who would be able to question individual travellers before granting or refusing entry to the Schengen area. The Entry/Exit System would calculate the amount of time that a third country national is entitled to stay within the Schengen area and help to identify those that have overstayed. It would also keep a record of individuals refused entry. The data collected would be retained for a period of three years, but this would be extended to five years for third country nationals who have overstayed.

14.3As well as improving border management, the Entry/Exit System is intended to strengthen internal security by allowing designated national law enforcement authorities and Europol to request access to EES data for the purpose of combating serious crime and terrorism. This might include, for example, checking the travel history of suspected terrorists or comparing fingerprints to identify an unknown criminal suspect.

14.4The proposed Regulations build on parts of the Schengen rule book on border controls which do not apply to the UK. Whilst the UK may take part in the negotiations, it has no vote and will not be bound by the Regulations once they have been adopted. The Entry/Exit System would only apply to third country nationals who are not citizens of the EU. Data on UK nationals travelling to and from the Schengen area would not therefore be recorded in the EES while the UK remains a member of the EU. The Commission expects the Entry/Exit System to be operational by 2020, after the date on which the UK is expected to leave the EU. This means that the Entry/Exit System would apply to UK nationals unless a different outcome is secured as part of the UK’s exit negotiations.

14.5The Government told our predecessors in May 2016 that the proposed Entry/Exit System was “an important measure to increase the security of the external Schengen border” and expressed its commitment to supporting European partners in ensuring that this border was effectively managed, “not just in combating illegal migration and cross-border crime, but also as part of the EU-wide counter-terrorism effort”.197 It said that there would be “significant value” in negotiating access to EES data for UK law enforcement authorities and indicated that it would draw on the precedent of other EU measures from which the UK is excluded, notably the Visa Information System.198

14.6Noting the relevance of the outcome of the referendum in June 2016, our predecessors requested an analysis of the procedure and prospects for negotiating UK access to EES data. The Government responded that it was examining the UK’s position “in the context of our wider, post-Brexit, data-sharing objectives”, adding:

“The process for leaving the EU and determining our future relationship will be a complex one, so we need time to think through our objectives and approach. We want to ensure the best possible outcome for Britain and the future UK-EU relationship and will not trigger Article 50 until we have an agreed exit strategy.”199

14.7In March this year, the Government told our predecessors that it had secured the addition of new provisions in the negotiating mandate agreed by the Council which would allow access to data for law enforcement purposes by authorities of Member States not operating or participating in the Entry/Exit System. The Government neglected to add that there were significant limitations on access or to provide the analysis requested previously on the issue of third country access to EES data.

14.8The Council and the European Parliament each agreed a mandate to start trilogue negotiations earlier this year and reached an agreement on the “main political provisions” of the proposed Entry/Exit System in June.200 In his letter dated 3 August, the Immigration Minister (Brandon Lewis) explains the conditions under which data stored in the Entry/Exit System may be transferred or made available to a third (non-EU) country and adds:

“In terms of applicability to the UK, you will understand the wider question of how the UK shares data with the EU from the point of exit will be an issue for discussion during the Brexit negotiations. We remain committed to strong cooperation with Member States on security and law enforcement, both now and after we leave the EU.”

14.9Since writing to us, the Council and European Parliament have completed their work on the technical aspects of the proposed Regulations.201 The Council formally adopted the proposals on 20 November.

14.10In its future partnership paper, The exchange and protection of personal data published in August, the Government calls for a bespoke UK-EU model to enable “free flows of data to continue, based on mutual trust in each other’s high data protection standards”. It is not clear how such a model would accommodate EU information systems, such as the Entry/Exit System, which have their basis in the Schengen rule book and in which the UK, even now as a Member State, is not entitled to participate.202 In such cases, the starting point of negotiations would not be to continue free flows of data but to secure special access.

14.11The Government told our predecessors that securing access to EES date as a non-participating Member State would provide “significant value” for UK law enforcement authorities. In light of the UK’s decision to leave the EU, we ask the Minister whether he is content with the restrictive conditions governing third country access to EES data or whether the Government intends to seek more favourable access as part of a bespoke UK-EU data-sharing model. Does he envisage that data sharing arrangements for law enforcement purposes (including EES data) would form part of the wider “strategic agreement” for security, law enforcement and criminal justice cooperation mooted in the Government’s future partnership paper, Security, law enforcement and criminal justice?203 Would this or any other bespoke agreement dealing with cross-border data sharing and transfers take precedence over incompatible provisions in EU secondary legislation, such as these proposed Regulations establishing the Entry/Exit System?

14.12We ask the Minister to report back to us on the main features of the agreement reached between the European Parliament and the Council, highlighting any significant changes made to the texts proposed by the Commission. We seek an assurance that the Government is satisfied that there are adequate safeguards for personal data held in the Entry/Exit System, as well as effective means for obtaining redress, given the potential impact on UK nationals post-Brexit.

14.13Pending further information, the proposed Regulations remain under scrutiny. We draw this chapter to the attention of the Home Affairs Committee and the Committee on Exiting the European Union.

Full details of the documents

(a) Proposal for a Regulation establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third country nationals crossing the external borders of the Member States of the European Union and determining the conditions for access to the EES for law enforcement purposes and amending Regulation (EC) No 767/2008 and Regulation (EU) No 1077/2011: (37654), 7675/16 + ADDs 1–6, COM(16) 194.

Background

14.14Our predecessors’ earlier Report listed at the end of this chapter provides a more detailed overview of the proposed Regulations and the Government’s position.

14.15The compromise text agreed by the Council and European Parliament in June maintains the general prohibition on the transfer of data held in the Entry/Exit System to third countries, subject to narrowly defined exceptions for migration control and law enforcement purposes. On the former, data may be transferred solely for the purpose of return where necessary to establish the identity of a third country national. The Commission must first have satisfied itself that the third country ensures an adequate level of protection by adopting an “adequacy decision” or by verifying that “appropriate safeguards” are in place. Data may also be transferred for important reasons of public interest (including the return of overstayers).204

14.16Stringent conditions apply to the transfer of data for law enforcement purposes. A third country may request access to data obtained from the EES Central System by a Member State or Europol, provided it can demonstrate that the information is urgently needed in an individual case in connection with a terrorist or other serious criminal offence presenting an imminent danger to life or limb and that it is able to satisfy the conditions for data transfers set out in the EU Directive on data protection in the law enforcement field.205

The Minister’s letter of 3 August 2017

14.17The Minister first provides an update on discussions at the March Justice and Home Affairs (JHA) Council and the Council’s position on third country access to data held in the Entry/Exit System:

“At the March JHA Council, the Commission provided a debrief on the first trilogue which had taken place on 23 March. Member States were urged to show flexibility and to lobby their national MEPs to ensure agreement on the proposals by the end of the Maltese Presidency. However, a further five trilogue meetings were held under the Maltese Presidency and the dossier will now be taken forward under the Estonian Presidency. In response to the European Parliament’s continuing interest in the data protection of citizens, some discussion during the trilogue meetings focused on the details of when law enforcement access to EES data could be necessary.

“The proposals set out that there will be no access to data by third countries except in certain limited circumstances, as defined in the draft Regulation. In the current text, data stored in the EES may be transferred or made available to a third country or an international organisation (the International Organisation for Migration, the International Committee of the Red Cross and UN organisations such as UNHCR) for the purposes of return. Furthermore, data may be transferred to a Member State which does not operate the EES, a Member State to which the Regulation does not apply or a third country, but only in individual urgent cases where there is an imminent danger associated with a terrorist offence or an imminent danger to life associated with a serious criminal offence. During trilogue meetings, the European Parliament argued for this to be narrowed down to exclude an explicit reference to danger to the physical integrity of a person. The Council opposed this on the basis that it would be too restrictive and is allowed under the General Data Protection Regulation. In defining the final compromise, co-legislators clarified the ways in which threat to life should be understood in a recital. Further conditions for the transfer of data are that it must be necessary for the prevention, detection or investigation of a terrorist or serious criminal offence in the territory of the Member States or in the third country concerned. Data can only be transferred on receipt of a written or electronic request and on the basis that the requesting country reciprocates with any relevant information held in their own entry/exit records. The providing authority must access the data in accordance with procedures and conditions set out in the text and transfer must be carried out in accordance with the Data Protection Directive (Directive (EU) 2016/680).”

14.18The Minister says that the extent to which these provisions on third country access to EES data will apply to the UK following its exit from the EU will form part of the Brexit negotiations. He makes clear that the Government remains “committed to strong cooperation with Member States on security and law enforcement, both now and after we leave the EU” and undertakes to provide a further progress report “in due course”.

205Directive (EU) 2016/680. The Directive sets out general principles governing the transfer of data to third countries and various ways in which they may be met, including by means of an adequacy decision, other “appropriate safeguards”, or to avert “an immediate and serious threat to public security of a Member State or a third country”.